Radif.

Security at Radif

Law firms trust Radif with sensitive financial workflows, so security isn't a feature we added; it's how the platform is built. Here is exactly how your data is protected.

Encryption in transit
Every connection to Radif, from your browser and between our application and database, is encrypted with TLS. There is no unencrypted path to your data.
Encryption at rest
All data, including file attachments and backups, is encrypted at rest (AES-256) and resides in AWS's Canada (Central) region, on managed infrastructure provided by Supabase and Amazon Web Services.
Tenant isolation
Every record in Radif is tagged with your firm's identity. One firm can never read, write, or even infer the existence of another firm's requests, users, comments, files, or reports.
Row-Level Security
Isolation is not an application-code promise: it is enforced by the database itself on every single query, using PostgreSQL Row-Level Security. Even a bug in our application code could not cross firm boundaries, because the database refuses the query.
Private file storage
Attachments live in private storage, namespaced per firm, with the same database-enforced access rules. Files are served only through short-lived signed links to signed-in members of your firm, and uploads are limited to common document types with a size cap.
Audit logging
Every action on every request (submission, approval, rejection, reassignment, completion) is written to an append-only audit log with the actor and timestamp. Audit records cannot be edited or deleted in Radif, and the database itself enforces that rule.
Authentication
Sign-in is handled by Supabase Auth with securely hashed credentials and email verification. Sessions are short-lived tokens, refreshed automatically and revocable at any time. Disabled accounts lose access to data immediately, at the database layer.
Role-based permissions
Every capability (submitting, approving each request type, working the accounting queue, administering users) is an explicit permission checked in the database, not just hidden in the interface. Roles are convenient bundles of those permissions, and every firm controls who holds them.
Backups
The database is backed up automatically every day, with point-in-time recovery available on our infrastructure provider. Backups are encrypted and covered by the same access controls as production data.
Disaster recovery
Radif runs on managed, redundant infrastructure (Vercel and Supabase on AWS). If a component fails, it is replaced automatically; if a region has an incident, we restore from encrypted backups. Our schema and configuration are fully version-controlled, so the entire platform can be rebuilt reproducibly.
Privacy commitment
Your data belongs to your firm. We collect the minimum needed to run the service, we never sell or share it, we never train models on it, and staff access is limited to what's required to support you. If you leave, we export your data and delete it on request.

On our roadmap

As Radif grows with its customers, the following are planned and will ship as they are completed:

Questions about security or privacy? We'll answer them directly. Contact us any time. Radif is a workflow tool and not legal or accounting advice; each firm remains responsible for its own compliance.